CVE-2020-10189 – Zoho ManageEngine Desktop Central File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2020-10189
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. Zoho ManageEngine Desktop Central anterior a la versión 10.0.474 permite la ejecución remota de código debido a la deserialización de datos no seguros en getChartImage en la clase FileStorage. Esto está relacionado con los servlets CewolfServlet y MDMLogUploaderServlet. Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. • https://www.exploit-db.com/exploits/48224 https://github.com/zavke/CVE-2020-10189-ManageEngine http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html https://cwe.mitre.org/data/definitions/502.html https://srcincite.io/advisories/src-2020-0011 https://srcincite.io/pocs/src-2020-0011.py.txt https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html https://www.zdnet.com/article/zoho-zero-day-published-on-twitter https: • CWE-502: Deserialization of Untrusted Data •
CVE-2019-12876
https://notcve.org/view.php?id=CVE-2019-12876
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Zoho ManageEngine ADManager Plus versión 6.6.5, ADSelfService Plus versión 5.7, y DesktopCentral versión 10.0.380 tiene permisos no seguros, lo que conlleva a una escalada de privilegios desde los privilegios de bajo nivel hasta el sistema. • http://www.securityfocus.com/bid/109298 https://www.criticalstart.com/2019/07/manageengine-privilege-escalation • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-12133
https://notcve.org/view.php?id=CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus. Varios productos Zoho ManageEngine sufren una escalada de privilegios locales debido a permisos inapropiados para el directorio %SYSTEMDRIVE%\ManageEngine y sus subcarpetas. • https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html • CWE-427: Uncontrolled Search Path Element CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-11717
https://notcve.org/view.php?id=CVE-2018-11717
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 100251. Aprovechando el acceso a un archivo de registro, un atacante dependiente del contexto puede obtener (dependiendo de los módulos configurados) la contraseña/nombre de usuario cifrada en Base64 de las cuentas AD, la contraseña/nombre de usuario y las opciones de mail en texto claro de la cuenta EAS (una cuenta AD empleada para enviar mails), la contraseña en texto claro recovery_password de los dispositivos Android, la contraseña en texto claro de la cuenta "set", la ubicación de los dispositivos inscritos en la plataforma (con el UUID e información relacionada con el nombre de la persona en la ubicación), información crítica sobre todos los dispositivos inscritos, como el número de serie, el UUID, el modelo, el nombre y auth_session_token (que puede emplearse para suplantar una identidad de terminal en la plataforma), etc. • https://blog.netxp.fr/manageengine-deep-exploitation https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2018-11716
https://notcve.org/view.php?id=CVE-2018-11716
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 100230. Hay un acceso remoto no autenticado a todos los archivos de registro de una instancia Desktop Central que contienen información crítica (información privada como la localización de dispositivos inscritos, contraseñas en texto claro, nivel de parche, etc.) mediante una petición GET en los puertos 8022, 8443 o 8444. • https://blog.netxp.fr/manageengine-deep-exploitation https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html • CWE-532: Insertion of Sensitive Information into Log File •